Can I use my server as mail and webserver

[dagmawil]

I have a server which is online via an ADSL broadband which I get from our lSP. The server is being used as the domain controller for the LAN in my office. And there is a SonicWALL firewall between the Router and the LAN. So everything goes through the SonicWALL.

In order to use the server as the mail server I bought public IP addresses from the ISP and MX Exchanger is set for one of the IP so now any thing that is send to the with mail@company.com comes to my server since I also have done one-to-one NAT at the firewall. which meanys IP x.x.x.x is maped to the local IP y.y.y.y of the server. And this is working fine.

Now I want to use the same server to host my website. So I buy a domain name company.com.et and the ISP set another IP x.x.x.z for my domain name in their DNS server.

But I can not do another NAT on the firewall since it is not supporting to map to public IP for the same Local IP. Therefore though the website is well running locally it can not be accessed outside the local.

Is there any one who can give me a solution if I can use my server both as mail server and web server.

[dvb]

If your ISP assigns you multiple IP addresses and you can route them to the WAN IP on the SonicWall, you can create additional one-to-one NAT policies. Those NAT policies can point to services running on non-standard ports on the internal server.

Let's say that you run Apache on port 8080. You could set that up as a service on the SonicWall and then make that service the translated service for the policy. The original service would be HTTP (port 80). The original IP for the policy would be one of the routed IPs and the translated IP would be the server's private IP address. You of course need access rules to go with the NAT policies.

A variation on this would be to give the server a second private IP and then bind Apache to port 80 on that IP address only. That second private IP would then be the translated IP for the one-to-one NAT policy. This can make things a little easier on internal users who would otherwise have to add the port number to the Apache-served URLs.

Toward the same end, you can create a DNS loopback on the SonicWall so that internal clients can access the server using the external address/port. This eliminates the need for split DNS and multiple IPs on the server.

Please note that I am basing all of this on the version of SonicOS that I run on my company's Pro 2040: 4.0.0.1-49e (e=Enhanced). Not all versions of the SonicOS will work this way. The SonicWall web site has documents on all of this.

As for the ADSL router, what is the method of connection? Bridged? Routed? PPPoE/PPPoA? If your SonicWall is a NAT client to the ADSL router, there may be a better way to do things. Ideally, you want that ADSL router operating as a bridge so that the SonicWall can pick up all those IPs, the first of which being its WAN IP and the rest of the IPs being routed to the WAN IP. The private IPs should all be behind the SonicWall, if possible. At least that's how I would do it.

Dave

[phoenix]

There should be no problem if either Zimbra or Apache run on a different port than the standard port 80.

Your comment about not needing Split DNS is not quite correct, any Zimbra server behind a NAT device will need a local DNS server to be able to resolve it's IP address.

[dvb]

Sorry, I should have stated that split DNS was not needed where clients are concerned.